Re: Arch Linux security is still poor....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 16/03/10 07:43, Ananda Samaddar wrote:
On Tue, 16 Mar 2010 07:29:45 +1000
Allan McRae<allan@xxxxxxxxxxxxx>  wrote:

As an aside, I would like to see some numbers on where we could
improve in this area.  I have been following the CVE announcements
and several other distros security releases for the past few months
and from what I see, I believe Arch is mostly ahead of the game.
Following the latest upstream releases has its advantages.

Allan


This may be true in the sense that by using the latest packages we are
incorporating security fixes as they are released by default.  I take
issue with the fact that there's no dedicated team and nothing in place
to deal with security alerts.

There is no dedicated team, but as I said, we appear to be mostly ahead of the game in this respect. I would be interested to see how many packages suffer from security issues that we miss.

The other issue being the lack of signed packages.

Providing code is the way to fix this. There is a good start that has been made and it mostly needs someone dedicated to finish it off.

I don't know how much of a problem this is for other Arch
users.

Would there be any enthusiasm for a dedicated security team?  I feel
strongly enough about it that if something can't be done then I'm
switching to another distro. Despite the fact that I really like Arch,
it's one deficiency is a pretty glaring one in my opinion.  I hope this
doesn't turn into a flamefest and my opinions are by no means meant to
be a slight on the Arch devs or community.

Sure there is enthusiasm for such a venture, at least judging by how many times this has been bought up in the past. I think one or two of those times an actual project started up but then died. So it appears enthusiasm yes, continual motivation no (at least up until now...).

And, this is a great candidate for a community project. A group could monitor security issues and file bugs to get the devs to fix them. This is the way all Arch projects start and if they are useful, they may get taken on board and made official.

Allan


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux